Testing Rails with Authentication

I’ve been putting off functional testing with Rails for a while now because of one snag: we couldn’t figure out how to test with authentication. Finally I decided to solve this once and for all and get to the root of the problem. The first approach we tried was to log in explicitly with a POST request to the login page in the test setup. Of course, it didn’t work, as I believe each request is independent of the subsequent requests, at least during functional testing.

The next approach we tried was to go down one level: expose the method that sets the current user for the session, and call it as a controller function. This made me a bit uneasy because we were making the current user setter public, which could probably mean that it would be exposed as an action that can be exploited. Either way, this approach didn’t work either and still gave us a 302 redirect status.

We decided to go one more level down and then tried to set the session hash explicitly, since that is how we keep track of the current user. One way that I came across was to set the session variable in a request object, that is

For some reason, this didn’t work out either. Finally, it turns out that session variables can be set on every (get/post/put/delete) request as an optional parameter. Now, each of the request type methods is wrapped with an extra user parameter to make that request on behalf of that user. For example, we now have a get_as method defined as:
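One way such wrappers can look, shown as an added example that is not the author's own code. It assumes the app keeps the logged-in user's id in `session[:user_id]` and that the test methods take the older positional form `get(action, params, session)`; `AuthTestHelpers`, `FakeFunctionalTest` and `User` are hypothetical names, and the fake test case only stands in for `ActionController::TestCase` so the block runs without Rails.

```ruby
# Added example: test-only helpers. They live in test code, so the
# controller's current-user setter can stay private and never becomes an action.
# Assumption: the logged-in user's id is stored in session[:user_id].
module AuthTestHelpers
  %w[get post put delete].each do |verb|
    # get_as(user, :index, {id: 1}) calls get(:index, {id: 1}, {user_id: user.id})
    define_method("#{verb}_as") do |user, action, params = {}, session = {}|
      send(verb, action, params, session.merge(user_id: user.id))
    end
  end
end

# Constructed stand-in for ActionController::TestCase (hypothetical).
# It imitates a controller whose login filter answers 302 when the
# session carries no user, and 200 otherwise.
class FakeFunctionalTest
  include AuthTestHelpers
  Response = Struct.new(:status, :session)

  %w[get post put delete].each do |verb|
    define_method(verb) do |action, params = {}, session = {}|
      # Each simulated request sees only the session it was handed,
      # which is why a login POST in setup does not carry over.
      status = session[:user_id] ? 200 : 302
      Response.new(status, session.dup)
    end
  end
end

User = Struct.new(:id) # constructed sample user

# Runs the same action anonymously and on behalf of a user.
def demo_statuses
  test_case = FakeFunctionalTest.new
  alice = User.new(42)
  {
    anonymous: test_case.get(:index).status,
    as_user:   test_case.get_as(alice, :index).status,
    post_as:   test_case.post_as(alice, :create, { title: "x" }).status
  }
end

puts demo_statuses.inspect if __FILE__ == $PROGRAM_NAME
```

In a real suite the module would be included in the test case class (for example from `test_helper.rb`) instead of the stand-in.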